After PIX upgrade from 6.3 to 7.2(2) VPN doesn?t work

Unanswered Question
Feb 21st, 2007

Hi There,

I have configured site-to-site VPN between PIX and router 871. After upgrade to version 7 , I am not able to access the remote network. I am using ver 7.2(2) in the pix and IOS ver 12.4(6)T2 in the router. The ACLs for no nat and encryption are :

access-list encryp permit ip 172.16.0.0 255.240.0.0 192.168.130.0 255.255.254.0

access-list encryp permit ip 192.168.0.0 255.255.255.0 192.168.130.0 255.255.254.0

access-list nonat permit ip 172.16.0.0 255.240.0.0 192.168.128.0 255.255.128.0

access-list nonat permit ip 192.168.0.0 255.255.255.0 192.168.128.0 255.255.128.0

Is possible that the pix OS ver 7 do not support this ACLs type (IP class B with mask /12 or IP class C with mask /17 ??

Thx

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
daviddtran Wed, 02/21/2007 - 06:08

Hi c-quinteros,

Whoever designed the Pix firewall should be

shot. It's so F! stupid. But enough of my

ranting.

I ran into the same problem you have before

when upgrading from 6.3(5) to 7.2(2). You

need to do this for it to work:

tunnel-group DefaultRAGroup ipsec-attributes

isakmp ikev1-user-authentication (outside) none

keep in mind that these are "hidden" command.

WTF!

for version 7.1(2):

tunnel-group DefaultRAGroup general-attributes

authentication-server-group (outside) none

Good luck.

David

CCIE Security

Actions

This Discussion